1*34b82d3aSKP Singh // SPDX-License-Identifier: GPL-2.0 2*34b82d3aSKP Singh 3*34b82d3aSKP Singh /* 4*34b82d3aSKP Singh * Copyright 2020 Google LLC. 5*34b82d3aSKP Singh */ 6*34b82d3aSKP Singh 7*34b82d3aSKP Singh #include "vmlinux.h" 8*34b82d3aSKP Singh #include <errno.h> 9*34b82d3aSKP Singh #include <bpf/bpf_helpers.h> 10*34b82d3aSKP Singh #include <bpf/bpf_tracing.h> 11*34b82d3aSKP Singh 12*34b82d3aSKP Singh long ima_hash_ret = -1; 13*34b82d3aSKP Singh u64 ima_hash = 0; 14*34b82d3aSKP Singh u32 monitored_pid = 0; 15*34b82d3aSKP Singh 16*34b82d3aSKP Singh char _license[] SEC("license") = "GPL"; 17*34b82d3aSKP Singh 18*34b82d3aSKP Singh SEC("lsm.s/bprm_committed_creds") 19*34b82d3aSKP Singh int BPF_PROG(ima, struct linux_binprm *bprm) 20*34b82d3aSKP Singh { 21*34b82d3aSKP Singh u32 pid = bpf_get_current_pid_tgid() >> 32; 22*34b82d3aSKP Singh 23*34b82d3aSKP Singh if (pid == monitored_pid) 24*34b82d3aSKP Singh ima_hash_ret = bpf_ima_inode_hash(bprm->file->f_inode, 25*34b82d3aSKP Singh &ima_hash, sizeof(ima_hash)); 26*34b82d3aSKP Singh 27*34b82d3aSKP Singh return 0; 28*34b82d3aSKP Singh } 29